API Platform 3 Part 2: Security for your Treasures
Learn how to secure your API and protect your data with this comprehensive tutorial. From authentication to validation, we cover it all. Let’s get started!
What you’ll be learning
Here be dragons! We’ve built a pretty sweet API for storing dragon treasures… but we’ve completely neglected one minor detail: security! In this tutorial, we’ll secure our API Platform-powered API in every way imaginable… and spin up a nifty test suite along the way:
Disabling documentation on production
Different types of API authentication
Logging in via Ajax & sessions
Creating an API Token system with “scopes”
Securing your API resources
Bootstrapping tests with zenstruck/browser & zenstruck/foundry!
How to use PATCH
Adding security & securityPostDenormalize to operations & using object
Voters
Conditional fields based on permissions: #[ApiProperty(security: 'is_granted(…)')]
Using a “state processor” to hash user passwords
Dynamic serialization groups with a ContextBuilder
Completely dynamic fields by decorating the normalizer
Preventing “not allowed” data with validation
Automatically set the “owner” of an object on create
Auto-filter collections with “query extensions”
Sheesh! Let’s go!